[test suite] add ENABLE_RULE_PREPEND test

Makefile.am

@@ -137,6 +137,7 @@ EXTRA_DIST = \
     test/conf/default_access.conf \
     test/conf/default_fwknopd.conf \
     test/conf/portrange_fwknopd.conf \
+    test/conf/prepend_fwknopd.conf \
     test/conf/ipt_custom_input_chain_fwknopd.conf \
     test/conf/firewd_custom_input_chain_fwknopd.conf \
     test/conf/ipt_custom_nat_chain_fwknopd.conf \

server/config_init.c

@@ -884,8 +884,8 @@ validate_options(fko_srv_options_t *opts)
         set_config_entry(opts, CONF_ENABLE_X_FORWARDED_FOR, DEF_ENABLE_X_FORWARDED_FOR);
 
     /* Prepend firewall rules*/
-    if(opts->config[CONF_ENABLE_PREPEND] == NULL)
-        set_config_entry(opts, CONF_ENABLE_PREPEND, DEF_ENABLE_PREPEND);
+    if(opts->config[CONF_ENABLE_RULE_PREPEND] == NULL)
+        set_config_entry(opts, CONF_ENABLE_RULE_PREPEND, DEF_ENABLE_RULE_PREPEND);
 
     /* NAT DNS enabled*/
     if(opts->config[CONF_ENABLE_NAT_DNS] == NULL)

server/fw_util_firewalld.c

@@ -1171,7 +1171,7 @@ create_rule(const fko_srv_options_t * const opts,
 
     zero_cmd_buffers();
 
-    if (strncasecmp(opts->config[CONF_ENABLE_PREPEND], "Y", 1) == 0) {
+    if (strncasecmp(opts->config[CONF_ENABLE_RULE_PREPEND], "Y", 1) == 0) {
         snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -I %s %s",
                 opts->fw_config->fw_command, fw_chain, fw_rule);
     } else {

server/fw_util_iptables.c

@@ -1154,7 +1154,7 @@ create_rule(const fko_srv_options_t * const opts,
 
     zero_cmd_buffers();
 
-    if (strncasecmp(opts->config[CONF_ENABLE_PREPEND], "Y", 1) == 0) {
+    if (strncasecmp(opts->config[CONF_ENABLE_RULE_PREPEND], "Y", 1) == 0) {
         snprintf(cmd_buf, CMD_BUFSIZE-1, "%s -I %s %s",
                 opts->fw_config->fw_command, fw_chain, fw_rule);
     } else {

server/fwknopd_common.h

@@ -95,7 +95,7 @@
 #define DEF_MAX_SNIFF_BYTES             "1500"
 #define DEF_GPG_HOME_DIR                "/root/.gnupg"
 #define DEF_ENABLE_X_FORWARDED_FOR      "N"
-#define DEF_ENABLE_PREPEND              "N"
+#define DEF_ENABLE_RULE_PREPEND         "N"
 #define DEF_ENABLE_NAT_DNS              "Y"
 #ifdef  GPG_EXE
   #define DEF_GPG_EXE                   GPG_EXE
@@ -282,7 +282,7 @@ enum {
     //CONF_EXT_CMD_PREFIX,
     CONF_ENABLE_X_FORWARDED_FOR,
     CONF_ENABLE_DESTINATION_RULE,
-    CONF_ENABLE_PREPEND,
+    CONF_ENABLE_RULE_PREPEND,
     CONF_ENABLE_NAT_DNS,
 #if FIREWALL_FIREWALLD
     CONF_ENABLE_FIREWD_FORWARDING,

test/conf/prepend_fwknopd.conf

@@ -0,0 +1,3 @@
+# default config - no variables set to allow defaults to be preserved
+
+ENABLE_RULE_PREPEND         Y;

test/test-fwknop.pl

@@ -434,6 +434,7 @@ our %cf = (
     'include_m1_hmac_access'       => "$conf_dir/include_m1_hmac_access.conf",
     'include_def_hmac_access'      => "$conf_dir/include_def_hmac_access.conf",
     'include_keys1_hmac_access'    => "$conf_dir/include_keys1_hmac_access.conf",
+    'prepend_fwknopd'              => "$conf_dir/prepend_fwknopd.conf",
     'hmac_cmd_access'              => "$conf_dir/hmac_cmd_access.conf",
     'hmac_cmd_setuid_access'       => "$conf_dir/hmac_cmd_setuid_access.conf",
     'hmac_cmd_giduid_access'       => "$conf_dir/hmac_cmd_giduid_access.conf",

test/tests/rijndael_hmac.pl

@@ -202,6 +202,22 @@
             qr/SOURCE\s.*123\.3\.3\.3/
          ],
     },
+    {
+        'category' => 'Rijndael+HMAC',
+        'subcategory' => 'client+server',
+        'detail'   => 'complete cycle prepend',
+        'function' => \&spa_cycle,
+        'cmdline'  => $default_client_hmac_args,
+        'fwknopd_cmdline' => "$fwknopdCmd -c $cf{'prepend_fwknopd'} -a $cf{'hmac_access'} " .
+            "-d $default_digest_file -p $default_pid_file $intf_str",
+        'fw_rule_created' => $NEW_RULE_REQUIRED,
+        'fw_rule_removed' => $NEW_RULE_REMOVED,
+        'key_file' => $cf{'rc_hmac_b64_key'},
+        'server_positive_output_matches' => [
+            qr/\s\-I\sFWKNOP_INPUT.*\s\-s\s127.0.0.2/
+         ],
+    },
+
     {
         'category' => 'Rijndael+HMAC',
         'subcategory' => 'client+server',